> Would there be interested in a PAP replacement? Something like
> Tunnel-Password comes to mind. A 16-bit salt would make attacks more
> difficult, but if the salt is coming from the same low-entropy pool as
> the RA, I'm not sure it would help.
That is partially what the discussion about Keywrap is about. The known
plaintext attacks are enabled by the use of a stream cipher; if a
credible block cipher (like AES) were used instead, it would not be a
problem.
> > For example, a NAS can attempt to satisfy the global uniqueness
> > property by utilizing the IP address in the high order bits of the
> > RA and then utilizing a pseudo-random number in the low order bits.
>
> Is it worth codifying recommendations? i.e. RA = (IP + counter +
> pseudo-random number + ...) That would help guide implementors, at
> least.
Perhaps. There are alternatives, of course. MAC address + reboot counter
+ pseudo-random number would work as well.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>